A total of seven Hong Kong VPN providers are being accused of violating privacy policies when they allegedly released private data from their users. These include UFO VPN, FAST VPN, Free VPN, Super VPN, Secure VPN, Rabbit VPN, and Flash VPN, VPN Mentor reported.
In the report, it has been said that each of these providers has been found under the "no-log" VPNs, which mean that they are not recording user activity in the apps. However, those who scrutinized reportedly found activity logs in the shared server.
The data include PII, email addresses, IP addresses, clear text passwords, phone models, home addresses, device IDs, and more.
The leak also allegedly included connection logs, payment info, addresses, plain text passwords, and website activity. These providers are white labels that are rebranding services from a common provider, the report added.
A VPN refers to a virtual connection series routed over the Internet, which are responsible for encrypting data as it moves through the client's devices and the Internet, or web servers. Many of the protocols have built-in encryption, including NNTPS, LDAPS, HTTPS, and more.
Inaccuracy of information
A correspondent from Engadget wrote, "A person of the companies, UFO VPN, claimed that it couldn't lock down its data promptly because of pandemic-similar staff changes. It also preserved that the logs were being only utilised for overall performance checking and have been supposedly anonymized."
For instance, there are inaccuracies to the statements of UFO VPN, though they point to details that specific the explicit naming. Apparently, there are activities logged, debunking the zero-log claims.
Also Read: The Best VPN Services: What They Offer And Base On
Implications
These scrutinies only imply that there are challenges with white label VPN products, including rebranding actions for services without having to stay with their promises.
"If you're concerned about the privacy of your data, it may be better to stick to major brands," Fingas wrote on Engadget.
Customers who are particular about these data might choose to have another VPN provider that is not on the list.
Hong Kong is a special administrative region from China. With these happening, it might be dangerous for the region since threats to authorities may take advantage of VPNs to stay away from censorship and surveillance from mainland China.
Should this continue, it may be difficult for the authorities to combat dissidents. The challenges now moving forward is about changing login information and swapping details.
Meanwhile, in other VPN news, 9News reported there is an estimated one billion Internet records exposed to a massive breach of data, affecting over 20 million people using VPNs. Researchers claim they uncovered an unsecured server shared by various VPNs.
"The lack of basic security measures in an essential part of a cybersecurity product is not just shocking," the lead researcher stated.